Splunk Search

Community Activity

Is max_searches_per_cpu at 6 a good set-up? On our primary search head max_searches_per_cpu is set to 6. I wonder if it’s a good effective set-up. Where can I fi... by danielbb Motivator in Splunk Search 12-31-2019 0 7	0	7
How to group events by time after using timechart span? I'm using the following search with timechart span=1h to show how many events appear by the day and hour: \|inputlook... by russell120 Communicator in Splunk Search 12-31-2019 0 7	0	7
How to assign a custom scoring scale based on device type? (eval related) Hello, Currently we have a scoring for our systems that counts each server, router, switch, firewall, workstation, e... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 8	0	8
How to find out who deleted savedsearches We found there were some savedsearches deleted for some reasons. Is it a way to find out who deleted the savedsearch... by lucas4394 Path Finder in Splunk Search 12-31-2019 0 2	0	2
Splunk fetching node as jenkins master, instead of actual slave for pipeline job builds. why? I am using jenkins's splunk plugin version 1.6.3(latest). I have configured no executor in master, so no possibility ... by rakesh635 Engager in Splunk Search 12-31-2019 3 14	3	14
Show me all events where field value not present? Greetings good people, i may be over thinking things or didn't get enough sleep. I need to return results where a fi... by yepyepyayyooo New Member in Splunk Search 12-30-2019 0 6	0	6
Copy a row in a table Hi, I am trying to conditionally add records to my table with a slight modification to the data. for example Date ... by komalg New Member in Splunk Search 12-30-2019 0 3	0	3
Regex help to extract from json Need help to extract the Phone number callForwardSelectiveDetails\":{\"description\":\"New Years Temp\",\"action\":f... by yograjpatel New Member in Splunk Search 12-30-2019 0 9	0	9
Timechart does not work correctly with another user I created several objects with my local splunk user and everything is working as expected. I need to share all items ... by sergeimartao Explorer in Splunk Search 12-30-2019 0 3	0	3
Why does count and dc behave differently? I have written the query index="main" host="web_application" \| stats count by status The result is: status c... by palisetty Communicator in Splunk Search 12-30-2019 0 1	0	1
How to sort a table by a time field in text format Hello, Here's the problem. Dashboard - Time picker is used to select a date range. But this date range is not check... by genesiusj Builder in Splunk Search 12-30-2019 0 2	0	2
What is the best way to count numbers of recipients in stanza? I have a recipient field containing a list of recipient delimited by a comma. What is the best way to calculate the t... by lucas4394 Path Finder in Splunk Search 12-30-2019 0 1	0	1
Need help using Tstats getting count of a string in raw logs I want to show the count of logs where a string appeared I have a string and need to know how many times it appears... by aamer86 Path Finder in Splunk Search 12-30-2019 0 15	0	15
How to add zeros to table when data is not found Hello, Have a question for the community: I have a table that looks like this: ADate Type 2019-12... by komalg New Member in Splunk Search 12-30-2019 0 2	0	2
How to write a search with the condition "if field1 NOT LIKE field2"? Hello, I am aware of the following search syntax field1 = something field1 = field2 field1 != field2 But I wis... by karthikmalla Explorer in Splunk Search 12-30-2019 0 8	0	8
expect value Hi I have log file like this: 09:04:04.042 module1: F[6]L: IN 09:04:01.417 module1: F[6]L: OUT 09:04:01.418 module... by indeed_2000 Motivator in Splunk Search 12-30-2019 0 7	0	7
Which fields correspond these metrics, count and percent? I have two fields on the event list. I have used Top command for that, I have got two fields and count and percent. ... by palisetty Communicator in Splunk Search 12-30-2019 0 1	0	1
How to co-relate data from multiple sourcetypes? I have data in three source types to co-relate. Time and a unique identifier number are common for all three sourcety... by ahmadshakir1952 Explorer in Splunk Search 12-29-2019 0 1	0	1
Index appearing in Interesting fields Why is that Index field doesn't appear in Selected Fields? It is appearing in interesting fields. index="homework_hos... by palisetty Communicator in Splunk Search 12-29-2019 0 3	0	3
Metasearch and Rawdata is required... Hi, I' cant end my search using metasearch when I need to find in index something with space betwen like "Microsoft ... by kryzew Explorer in Splunk Search 12-29-2019 0 5	0	5
calculate delta of success rate of a particular field for two hosts can you please help me in writing SPL query for the below scenario. I want to calculate delta of success rate of a pa... by yamini_37 Path Finder in Splunk Search 12-29-2019 0 6	0	6
Display data How would I display the following data which is part of CSV file? I am looking for a command to do that. top is not w... by palisetty Communicator in Splunk Search 12-28-2019 0 7	0	7
Swap memory is not getting cleared ? HI Splunkers, I see that swap being used and swap memory not getting released even though RAM is free.can you please... by shivanandbm Explorer in Splunk Search 12-27-2019 0 0	0	0
How to parse Powershell event logs? I am trying to read the DETAILS: section of the Powershell logs in Splunk to produce reports and split out each line:... by HackerHurricane Engager in Splunk Search 12-27-2019 0 3	0	3
How to show comparison graph of jenkins pipelines steps between two builds Hi Team, I want to show comparison graph of jenkins pipeline steps between two jenkins build. How can i get it? i am... by khandelwaly Explorer in Splunk Search 12-27-2019 0 1	0	1